17 matches found
CVE-2026-40112
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...
MAL-2026-2116 Malicious code in reqpack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2b2e7d451cecf418103df6ecbe4625c5b08cc561e843e00f4ec37efde665c320 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...
CVE-2021-41153
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency
The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. It can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a...
EUVD-2021-2242
Malware in sbrugna...
CVE-2025-0717
To exploit the vulnerability, it is necessary:...
GHSA-F3QR-QR4X-J273 php-svg-lib lacks path validation on font through SVG inline styles
Summary php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP href, 0, 7 === "phar://" || $this-document-allowExternalReferences === false && \strtolower\substr$this-href, 0, 5 !== "data:" unset$style"font-family"; PoC Parsing the following SVG...
DOS and excessive memory usage when passing untrusted user input to dag import
Impact go-ipfs nodes crash when trying to import certain malformed CAR files due to an issue in the go-car dependency. This impacts nodes running ipfs dag import on untrusted user inputs, for example, pinning services with a car ingest endpoint. This includes the corresponding HTTP RPC API...
io.kamon:kamon-opentsdb_2.10 (=0.6.7), io.kamon:kamon-opentsdb_2.11 (=0.6.7) +1 more potentially affected by CVE-2018-12972 via net.opentsdb:opentsdb (=2.3.0)
net.opentsdb:opentsdb MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on net.opentsdb:opentsdb and may be impacted: - io.kamon:kamon-opentsdb_2.10 =0.6.7 - io.kamon:kamon-opentsdb_2.11 =0.6.7 - io.kamon:kamon-opentsdb_2.12 =0.6.7 Source...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25177 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25177 Source advisory: OSV:GHSA-Q234-X887-9RXH...
CVE-2021-41153 Specification non-compliance in JUMPI
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...
edu.amherst.acdc:acrepo-jsonld-cache (=1.0.0), edu.amherst.acdc:acrepo-template-mustache (=1.0.0) +30 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-http4 (>=2.10.0 <=2.15.4)
org.apache.camel:camel-http4 MAVEN version =2.10.0, =2.11.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.1 and more Source cves: CVE-2015-5348 Source advisory: OSV:GHSA-26V6-W6FW-RH94...
WebKitGTK+: Multiple vulnerabilities
Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, offers WebKit's full functionality and is used on a wide range of systems. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please...
Debian Security Advisory DSA 232-2 (cupsys)
The remote host is missing an update to cupsys announced via advisory DSA 232-2. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware 10.0 / 10.1 / 10.2 / current : Samba 2.0.23 repackaged (SSA:2006-200-01)
New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current. In Slackware 10.0, 10.1, and 10.2, Samba was evidently picking up the libdm.so.0 library causing a Samba package issued primarily as a security patch to suddenly require a library that would only be present on the...
[SECURITY] [DSA 232-2] New CUPS packages fix wrong libPNG dependency
-------------------------------------------------------------------------- Debian Security Advisory DSA 232-2 [email protected] http://www.debian.org/security/ Martin Schulze February 20th, 2003 http://www.debian.org/security/faq -...